The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

All users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 12 that corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.